arc-1 0.6.1 → 0.6.3

package/dist/handlers/intent.js

@@ -10,13 +10,15 @@
  * leaked to the LLM — only user-friendly error messages.
  */
 import { findDefinition, findReferences, findWhereUsed, getCompletion, } from '../adt/codeintel.js';
-import { createObject, deleteObject, lockObject, safeUpdateSource, unlockObject } from '../adt/crud.js';
+import { createObject, deleteObject, lockObject, safeUpdateObject, safeUpdateSource, unlockObject, updateObject, } from '../adt/crud.js';
+import { buildDataElementXml, buildDomainXml, buildMessageClassXml, buildPackageXml, buildServiceBindingXml, } from '../adt/ddic-xml.js';
 import { activate, activateBatch, publishServiceBinding, runAtcCheck, runUnitTests, syntaxCheck, unpublishServiceBinding, } from '../adt/devtools.js';
 import { getDump, getTraceDbAccesses, getTraceHitlist, getTraceStatements, listDumps, listTraces, } from '../adt/diagnostics.js';
 import { AdtApiError, AdtNetworkError, AdtSafetyError, isNotFoundError } from '../adt/errors.js';
 import { classifyTextSearchError, mapSapReleaseToAbaplintVersion, probeFeatures } from '../adt/features.js';
-import { checkPackage, isOperationAllowed, OperationType } from '../adt/safety.js';
-import { createTransport, getTransport, listTransports, releaseTransport } from '../adt/transport.js';
+import { addTileToGroup, createCatalog, createGroup, createTile, deleteCatalog, listCatalogs, listGroups, listTiles, } from '../adt/flp.js';
+import { checkOperation, checkPackage, isOperationAllowed, OperationType } from '../adt/safety.js';
+import { createTransport, deleteTransport, getTransport, getTransportInfo, listTransports, reassignTransport, releaseTransport, releaseTransportRecursive, } from '../adt/transport.js';
 import { getAppInfo } from '../adt/ui5-repository.js';
 import { validateAffHeader } from '../aff/validator.js';
 import { extractCdsElements } from '../context/cds-deps.js';
@@ -115,34 +117,65 @@ export function looksLikeFieldName(query) {
         return false;
     return true;
 }
-/** Classify error type for audit logging */
 /** Format error messages with LLM-friendly remediation hints */
 function formatErrorForLLM(err, message, _tool, args) {
     if (err instanceof AdtApiError) {
+        // Append additional SAP messages (line numbers, secondary errors) if available
+        const enriched = enrichWithSapDetails(err, message);
         if (err.isNotFound) {
             const name = String(args.name ?? '');
             const type = String(args.type ?? '');
-            return `${message}\n\nHint: Object "${name}" (type ${type}) was not found. Use SAPSearch with query "${name}" to verify the name exists and check the correct type.`;
+            return `${enriched}\n\nHint: Object "${name}" (type ${type}) was not found. Use SAPSearch with query "${name}" to verify the name exists and check the correct type.`;
         }
         if (err.isUnauthorized || err.isForbidden) {
-            return `${message}\n\nHint: Authorization error. Check SAP_CLIENT (default: '100'), SAP_USER, and SAP_PASSWORD. The configured SAP user may lack permissions for this object.`;
+            return `${enriched}\n\nHint: Authorization error. Check SAP_CLIENT (default: '100'), SAP_USER, and SAP_PASSWORD. The configured SAP user may lack permissions for this object.`;
         }
         // Transport / corrNr specific hints
         const transportHint = getTransportHint(err);
         if (transportHint) {
-            return `${message}\n\nHint: ${transportHint}`;
+            return `${enriched}\n\nHint: ${transportHint}`;
         }
+        // Server errors (500, 502, 503, etc.)
+        if (err.isServerError) {
+            return `${enriched}\n\nHint: SAP application server error (${err.statusCode}). This is often transient — wait 10-30 seconds and retry. If the error persists, check SAPDiagnose(action="dumps") for short dumps, or verify the SAP system is responding via SAPRead(type="SYSTEM").`;
+        }
+        return enriched;
     }
     if (err instanceof AdtNetworkError) {
         return `${message}\n\nHint: Cannot reach the SAP system. This is a connectivity issue, not a usage error.`;
     }
     return message;
 }
+/** Enrich error message with additional SAP XML diagnostic detail (extra messages, properties) */
+function enrichWithSapDetails(err, message) {
+    if (!err.responseBody)
+        return message;
+    const extraMessages = AdtApiError.extractAllMessages(err.responseBody);
+    const props = AdtApiError.extractProperties(err.responseBody);
+    const parts = [message];
+    if (extraMessages.length > 0) {
+        parts.push(`\nAdditional detail:\n${extraMessages.map((m) => `  - ${m}`).join('\n')}`);
+    }
+    // Surface line/column info from properties if present
+    const lineInfo = props.LINE || props['T100KEY-NO'];
+    if (lineInfo || Object.keys(props).length > 0) {
+        const propStr = Object.entries(props)
+            .slice(0, 5) // Limit to avoid overwhelming output
+            .map(([k, v]) => `${k}=${v}`)
+            .join(', ');
+        if (propStr)
+            parts.push(`Properties: ${propStr}`);
+    }
+    return parts.join('\n');
+}
 /** Detect transport/corrNr failure signatures and return a remediation hint, or undefined if not transport-related. */
 function getTransportHint(err) {
     const body = (err.responseBody ?? '').toLowerCase();
-    const msg = err.message.toLowerCase();
-    const combined = `${msg} ${body}`;
+    // Use the clean SAP error message, NOT err.message which includes the URL path.
+    // The URL path contains `corrNr=<id>` when a transport IS provided, causing false positives
+    // if we check for "corrnr" in the full message string.
+    const cleanMsg = AdtApiError.extractCleanMessage(err.responseBody ?? '').toLowerCase();
+    const combined = `${cleanMsg} ${body}`;
     // Missing or invalid transport/correction number
     if (combined.includes('correction number') ||
         combined.includes('corrnr') ||
@@ -468,6 +501,10 @@ async function handleSAPRead(client, args, cachingLayer) {
         }
         case 'DDLS': {
             const { source: ddlSource, cacheHit } = await cachedGet('DDLS', name, () => client.getDdls(name));
+            if (ddlSource.trim() === '') {
+                return textResult(`DDLS ${name} exists in the object directory but has no source code stored. ` +
+                    `The DDL source may need to be written via SAPWrite(action="create" or "update", type="DDLS", name="${name}", source="...").`);
+            }
             if (args.include?.toLowerCase() === 'elements') {
                 // Elements extraction is derived from source — no cache indicator
                 return textResult(extractCdsElements(ddlSource, name));
@@ -590,8 +627,16 @@ async function handleSAPRead(client, args, cachingLayer) {
             const components = await client.getInstalledComponents();
             return textResult(JSON.stringify(components, null, 2));
         }
-        case 'MESSAGES':
-            return textResult(await client.getMessages(name));
+        case 'MESSAGES': {
+            try {
+                const mcInfo = await client.getMessageClassInfo(name);
+                return textResult(JSON.stringify(mcInfo, null, 2));
+            }
+            catch {
+                // Fall back to legacy endpoint if messageclass endpoint unavailable
+                return textResult(await client.getMessages(name));
+            }
+        }
         case 'TEXT_ELEMENTS':
             return textResult(await client.getTextElements(name));
         case 'VARIANTS':
@@ -631,8 +676,22 @@ async function handleSAPRead(client, args, cachingLayer) {
             }
             return textResult(JSON.stringify(info, null, 2));
         }
+        case 'INACTIVE_OBJECTS': {
+            try {
+                const objects = await client.getInactiveObjects();
+                return textResult(JSON.stringify({ count: objects.length, objects }, null, 2));
+            }
+            catch (err) {
+                if (isNotFoundError(err)) {
+                    return textResult('Inactive objects listing is not available on this SAP system ' +
+                        '(the /sap/bc/adt/activation/inactive endpoint returned 404). ' +
+                        'Use SAPDiagnose(action="syntax", type="...", name="...") to check specific objects instead.');
+                }
+                throw err;
+            }
+        }
         default:
-            return errorResult(`Unknown SAPRead type: "${type}". Supported types: PROG, CLAS, INTF, FUNC, FUGR, INCL, DDLS, DDLX, BDEF, SRVD, SRVB, TABL, VIEW, STRU, DOMA, DTEL, TRAN, TABLE_CONTENTS, DEVC, SOBJ, SYSTEM, COMPONENTS, MESSAGES, TEXT_ELEMENTS, VARIANTS, BSP, BSP_DEPLOY, API_STATE. ` +
+            return errorResult(`Unknown SAPRead type: "${type}". Supported types: PROG, CLAS, INTF, FUNC, FUGR, INCL, DDLS, DDLX, BDEF, SRVD, SRVB, TABL, VIEW, STRU, DOMA, DTEL, TRAN, TABLE_CONTENTS, DEVC, SOBJ, SYSTEM, COMPONENTS, MESSAGES, TEXT_ELEMENTS, VARIANTS, BSP, BSP_DEPLOY, API_STATE, INACTIVE_OBJECTS. ` +
                 'Tip: Map objectType from SAPSearch results by dropping the slash suffix (e.g., DDLS/DF → type="DDLS", CLAS/OC → type="CLAS", PROG/P → type="PROG"). ' +
                 'Do not pass a URI — use the "type" and "name" parameters instead.');
     }
@@ -784,6 +843,187 @@ function buildLintConfigOptions(config, ruleOverrides) {
     };
 }
 // ─── Object Creation XML ─────────────────────────────────────────────
+const DOMAIN_V2_CONTENT_TYPE = 'application/vnd.sap.adt.domains.v2+xml; charset=utf-8';
+const DATAELEMENT_V2_CONTENT_TYPE = 'application/vnd.sap.adt.dataelements.v2+xml; charset=utf-8';
+const SERVICEBINDING_V2_CONTENT_TYPE = 'application/vnd.sap.adt.businessservices.servicebinding.v2+xml; charset=utf-8';
+const BDEF_CONTENT_TYPE = 'application/vnd.sap.adt.blues.v1+xml';
+const MESSAGECLASS_CONTENT_TYPE = 'application/vnd.sap.adt.mc.messageclass+xml';
+function isMetadataWriteType(type) {
+    return type === 'DOMA' || type === 'DTEL' || type === 'MSAG' || type === 'SRVB';
+}
+/** Types that require a specific vendor content type for creation (not application/*) */
+function needsVendorContentType(type) {
+    return type === 'DOMA' || type === 'DTEL' || type === 'BDEF' || type === 'MSAG';
+}
+/** Content type used for create POST */
+function createContentTypeForType(type) {
+    // SRVB creation works with wildcard content type; updates use vendor v2 type.
+    if (type === 'SRVB')
+        return 'application/*';
+    return needsVendorContentType(type) ? vendorContentTypeForType(type) : 'application/*';
+}
+/**
+ * Check if a DTEL create has properties that SAP ignores on POST but accepts on PUT.
+ * SAP's DTEL POST only stores the shell (name, description, package, typeKind, typeName, dataType, length).
+ * Labels, searchHelp, setGetParameter, etc. require a follow-up PUT to take effect.
+ */
+function dtelNeedsPostCreateUpdate(props) {
+    return Boolean(props.shortLabel ||
+        props.mediumLabel ||
+        props.longLabel ||
+        props.headingLabel ||
+        props.searchHelp ||
+        props.searchHelpParameter ||
+        props.setGetParameter ||
+        props.defaultComponentName ||
+        props.changeDocument);
+}
+function vendorContentTypeForType(type) {
+    switch (type) {
+        case 'DOMA':
+            return DOMAIN_V2_CONTENT_TYPE;
+        case 'DTEL':
+            return DATAELEMENT_V2_CONTENT_TYPE;
+        case 'SRVB':
+            return SERVICEBINDING_V2_CONTENT_TYPE;
+        case 'BDEF':
+            return BDEF_CONTENT_TYPE;
+        case 'MSAG':
+            return MESSAGECLASS_CONTENT_TYPE;
+        default:
+            // Wildcard lets the SAP server resolve the correct handler.
+            // Sending 'application/xml' causes 415 on DDL-based endpoints
+            // (DDLS, SRVD, DDLX) whose resource classes reject that literal type.
+            return 'application/*';
+    }
+}
+function toBoolean(value) {
+    if (typeof value === 'boolean')
+        return value;
+    if (typeof value === 'number')
+        return value !== 0;
+    if (typeof value === 'string') {
+        const normalized = value.trim().toLowerCase();
+        if (normalized === 'true')
+            return true;
+        if (normalized === 'false')
+            return false;
+    }
+    return undefined;
+}
+function getMetadataWriteProperties(input) {
+    const props = {
+        dataType: input.dataType,
+        length: input.length,
+        decimals: input.decimals,
+        outputLength: input.outputLength,
+        conversionExit: input.conversionExit,
+        signExists: input.signExists,
+        lowercase: input.lowercase,
+        fixedValues: input.fixedValues,
+        valueTable: input.valueTable,
+        typeKind: input.typeKind,
+        typeName: input.typeName,
+        domainName: input.domainName,
+        shortLabel: input.shortLabel,
+        mediumLabel: input.mediumLabel,
+        longLabel: input.longLabel,
+        headingLabel: input.headingLabel,
+        searchHelp: input.searchHelp,
+        searchHelpParameter: input.searchHelpParameter,
+        setGetParameter: input.setGetParameter,
+        defaultComponentName: input.defaultComponentName,
+        changeDocument: input.changeDocument,
+        messages: input.messages,
+        serviceDefinition: input.serviceDefinition,
+        bindingType: input.bindingType,
+        category: input.category,
+        version: input.version,
+    };
+    return props;
+}
+/**
+ * Fetch existing DDIC metadata and merge with provided properties.
+ * This ensures that updating a single field (e.g., shortLabel) doesn't
+ * reset other fields (e.g., dataType, typeKind) to defaults, since
+ * DDIC updates are full-XML-replace operations.
+ *
+ * Internal _description and _package fields carry the existing values
+ * for the caller to use as fallbacks.
+ */
+function normalizeSrvbCategory(value) {
+    if (value === '0' || value === 0 || value === 'UI')
+        return '0';
+    if (value === '1' || value === 1 || value === 'Web API')
+        return '1';
+    return undefined;
+}
+async function mergeMetadataWriteProperties(client, type, name, provided) {
+    try {
+        if (type === 'MSAG') {
+            const existing = await client.getMessageClassInfo(name);
+            return {
+                _description: existing.description,
+                _package: existing.package,
+                messages: provided.messages ?? existing.messages,
+            };
+        }
+        if (type === 'DOMA') {
+            const existing = await client.getDomain(name);
+            return {
+                _description: existing.description,
+                _package: existing.package,
+                dataType: provided.dataType ?? existing.dataType,
+                length: provided.length ?? existing.length,
+                decimals: provided.decimals ?? existing.decimals,
+                outputLength: provided.outputLength ?? existing.outputLength,
+                conversionExit: provided.conversionExit ?? existing.conversionExit,
+                signExists: provided.signExists ?? existing.signExists,
+                lowercase: provided.lowercase ?? existing.lowercase,
+                fixedValues: provided.fixedValues ?? existing.fixedValues,
+                valueTable: provided.valueTable ?? existing.valueTable,
+            };
+        }
+        if (type === 'DTEL') {
+            const existing = await client.getDataElement(name);
+            return {
+                _description: existing.description,
+                _package: existing.package,
+                dataType: provided.dataType ?? existing.dataType,
+                length: provided.length ?? existing.length,
+                decimals: provided.decimals ?? existing.decimals,
+                typeKind: provided.typeKind ?? existing.typeKind,
+                typeName: provided.typeName ?? existing.typeName,
+                domainName: provided.domainName ?? existing.typeName, // DTEL stores domain in typeName
+                shortLabel: provided.shortLabel ?? existing.shortLabel,
+                mediumLabel: provided.mediumLabel ?? existing.mediumLabel,
+                longLabel: provided.longLabel ?? existing.longLabel,
+                headingLabel: provided.headingLabel ?? existing.headingLabel,
+                searchHelp: provided.searchHelp ?? existing.searchHelp,
+                searchHelpParameter: provided.searchHelpParameter,
+                setGetParameter: provided.setGetParameter,
+                defaultComponentName: provided.defaultComponentName ?? existing.defaultComponentName,
+                changeDocument: provided.changeDocument,
+            };
+        }
+        if (type === 'SRVB') {
+            const existingRaw = await client.getSrvb(name);
+            const existing = JSON.parse(existingRaw);
+            return {
+                _description: existing.description,
+                _package: existing.package,
+                serviceDefinition: provided.serviceDefinition ?? existing.serviceDefinition,
+                bindingType: provided.bindingType ?? existing.bindingType,
+                category: provided.category ?? normalizeSrvbCategory(existing.bindingCategory),
+                version: provided.version ?? existing.serviceVersion,
+            };
+        }
+    }
+    catch {
+        // If we can't read existing metadata (e.g., object is new/inactive), fall through
+    }
+    return provided;
+}
 /**
  * Build the type-specific XML body for ADT object creation.
  *
@@ -791,7 +1031,101 @@ function buildLintConfigOptions(config, ruleOverrides) {
  * Using a generic body (e.g. adtcore:objectReferences) returns 400:
  *   "System expected the element '{http://www.sap.com/adt/programs/programs}abapProgram'"
  */
-export function buildCreateXml(type, name, pkg, description) {
+// ─── CDS Pre-Write Validation ──────────────────────────────────────
+/** Common CDS reserved/function keywords that cause silent DDL save failures when used as field names */
+const CDS_RESERVED_KEYWORDS = new Set([
+    'position',
+    'value',
+    'type',
+    'data',
+    'timestamp',
+    'language',
+    'text',
+    'source',
+    'target',
+    'name',
+    'description',
+    'concat',
+    'replace',
+    'substring',
+    'length',
+    'left',
+    'right',
+    'round',
+    'abs',
+    'floor',
+    'ceiling',
+    'division',
+    'mod',
+    'case',
+    'when',
+    'then',
+    'else',
+    'end',
+    'cast',
+    'coalesce',
+    'uuid',
+]);
+/**
+ * Guard CDS syntax against known version-dependent features.
+ * Returns an error result if the source uses unsupported syntax, or undefined to proceed.
+ * Best-effort: if cachedFeatures is not available (no probe yet), always proceeds.
+ */
+function guardCdsSyntax(type, source, features) {
+    if (type !== 'DDLS' || !source)
+        return undefined;
+    // Guard: "define table entity" requires ABAP Cloud (BTP) or SAP_BASIS >= 757
+    if (/\bdefine\s+table\s+(entity|function)\b/i.test(source)) {
+        const release = features?.abapRelease;
+        const isBtp = features?.systemType === 'btp';
+        if (!isBtp && release) {
+            const releaseNum = Number.parseInt(release.replace(/\D/g, ''), 10);
+            if (releaseNum > 0 && releaseNum < 757) {
+                return errorResult(`"define table entity" syntax requires ABAP Cloud (BTP) or S/4HANA on-premise with SAP_BASIS >= 757. ` +
+                    `This system reports SAP_BASIS ${release}. ` +
+                    `Use DDIC transparent tables (SAPWrite type="TABL" or SE11) + CDS view entities ("define [root] view entity") instead.`);
+            }
+        }
+    }
+    // Advisory: warn about CDS reserved keywords used as field names
+    const keywordWarning = warnCdsReservedKeywords(source);
+    if (keywordWarning) {
+        // Non-blocking — return undefined to proceed, but the warning will be
+        // appended to the success message by the caller if needed.
+        // For now we return it as an advisory error only when the keyword is
+        // highly likely to cause issues (position is the most common).
+        // We don't block the write — just append it as advisory context.
+    }
+    return undefined;
+}
+/**
+ * Detect CDS reserved keywords used as field names in DDL source.
+ * Returns a warning string listing suspicious field names, or undefined if none found.
+ */
+export function warnCdsReservedKeywords(source) {
+    // Extract field-name-like tokens: lines inside { } that define fields
+    // Pattern: whitespace + identifier + colon (field definitions)
+    const fieldNames = [];
+    const braceStart = source.indexOf('{');
+    const braceEnd = source.lastIndexOf('}');
+    if (braceStart === -1 || braceEnd === -1)
+        return undefined;
+    const body = source.slice(braceStart + 1, braceEnd);
+    // Match field definitions: leading whitespace, optional "key", then identifier before ":"
+    const fieldPattern = /^\s*(?:key\s+)?(\w+)\s*:/gim;
+    let match;
+    while ((match = fieldPattern.exec(body)) !== null) {
+        const fieldName = match[1]?.toLowerCase();
+        if (fieldName && CDS_RESERVED_KEYWORDS.has(fieldName)) {
+            fieldNames.push(match[1]);
+        }
+    }
+    if (fieldNames.length === 0)
+        return undefined;
+    return (`Warning: field name(s) ${fieldNames.map((f) => `'${f}'`).join(', ')} may be CDS reserved keywords. ` +
+        `If the DDL save fails with a generic syntax error, rename them (e.g., 'position' → 'playing_position', 'type' → 'obj_type').`);
+}
+export function buildCreateXml(type, name, pkg, description, properties) {
     switch (type) {
         case 'PROG':
             return `<?xml version="1.0" encoding="UTF-8"?>
@@ -850,45 +1184,145 @@ export function buildCreateXml(type, name, pkg, description) {
                adtcore:type="DDLS/DF"
                adtcore:masterLanguage="EN"
                adtcore:masterSystem="H00"
-               adtcore:responsible="DEVELOPER">
+                 adtcore:responsible="DEVELOPER">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </ddl:ddlSource>`;
+        case 'TABL':
+            // TABL creation also uses SAP's "blue" framework envelope, then source is written via /source/main.
+            return `<?xml version="1.0" encoding="UTF-8"?>
+<blue:blueSource xmlns:blue="http://www.sap.com/wbobj/blue"
+                 xmlns:adtcore="http://www.sap.com/adt/core"
+                 adtcore:description="${escapeXml(description)}"
+                 adtcore:name="${escapeXml(name)}"
+                 adtcore:type="TABL/DT"
+                 adtcore:masterLanguage="EN"
+                 adtcore:masterSystem="H00"
+                 adtcore:responsible="DEVELOPER">
+  <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
+</blue:blueSource>`;
         case 'BDEF':
+            // BDEF uses SAP's "blue" framework — blue:blueSource with http://www.sap.com/wbobj/blue namespace.
+            // Confirmed by vibing-steampunk (Go) and fr0ster (TypeScript) reference implementations.
             return `<?xml version="1.0" encoding="UTF-8"?>
-<bdef:behaviorDefinition xmlns:bdef="http://www.sap.com/adt/bo/behaviordefinitions"
-                         xmlns:adtcore="http://www.sap.com/adt/core"
-                         adtcore:description="${escapeXml(description)}"
-                         adtcore:name="${escapeXml(name)}"
-                         adtcore:type="BDEF/BDO"
-                         adtcore:masterLanguage="EN"
-                         adtcore:masterSystem="H00"
-                         adtcore:responsible="DEVELOPER">
+<blue:blueSource xmlns:blue="http://www.sap.com/wbobj/blue"
+                 xmlns:adtcore="http://www.sap.com/adt/core"
+                 adtcore:description="${escapeXml(description)}"
+                 adtcore:name="${escapeXml(name)}"
+                 adtcore:type="BDEF/BDO"
+                 adtcore:masterLanguage="EN"
+                 adtcore:masterSystem="H00"
+                 adtcore:responsible="DEVELOPER">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
-</bdef:behaviorDefinition>`;
+</blue:blueSource>`;
         case 'SRVD':
             return `<?xml version="1.0" encoding="UTF-8"?>
-<srvd:srvdSource xmlns:srvd="http://www.sap.com/adt/ddic/srvd/sources"
+<srvd:srvdSource xmlns:srvd="http://www.sap.com/adt/ddic/srvdsources"
                  xmlns:adtcore="http://www.sap.com/adt/core"
                  adtcore:description="${escapeXml(description)}"
                  adtcore:name="${escapeXml(name)}"
                  adtcore:type="SRVD/SRV"
                  adtcore:masterLanguage="EN"
                  adtcore:masterSystem="H00"
-                 adtcore:responsible="DEVELOPER">
+                 adtcore:responsible="DEVELOPER"
+                 srvd:srvdSourceType="S">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </srvd:srvdSource>`;
+        case 'SRVB': {
+            const serviceDefinition = String(properties?.serviceDefinition ?? '').trim();
+            if (!serviceDefinition) {
+                throw new Error('SRVB create/update requires "serviceDefinition" (referenced SRVD name).');
+            }
+            const categoryRaw = properties?.category;
+            const category = categoryRaw === '1' || categoryRaw === 1 ? '1' : '0';
+            const params = {
+                name,
+                description,
+                package: pkg,
+                serviceDefinition,
+                bindingType: properties?.bindingType ? String(properties.bindingType) : undefined,
+                category,
+                version: properties?.version ? String(properties.version) : undefined,
+            };
+            return buildServiceBindingXml(params);
+        }
         case 'DDLX':
             return `<?xml version="1.0" encoding="UTF-8"?>
-<ddlx:ddlxSource xmlns:ddlx="http://www.sap.com/adt/ddic/ddlx/sources"
+<ddlx:ddlxSource xmlns:ddlx="http://www.sap.com/adt/ddic/ddlxsources"
                  xmlns:adtcore="http://www.sap.com/adt/core"
                  adtcore:description="${escapeXml(description)}"
                  adtcore:name="${escapeXml(name)}"
                  adtcore:type="DDLX/EX"
                  adtcore:masterLanguage="EN"
                  adtcore:masterSystem="H00"
-                 adtcore:responsible="DEVELOPER">
+                     adtcore:responsible="DEVELOPER">
   <adtcore:packageRef adtcore:name="${escapeXml(pkg)}"/>
 </ddlx:ddlxSource>`;
+        case 'DOMA': {
+            const fixedValuesRaw = Array.isArray(properties?.fixedValues) ? properties.fixedValues : [];
+            const fixedValues = fixedValuesRaw
+                .filter((value) => typeof value === 'object' && value !== null)
+                .map((value) => ({
+                low: String(value.low ?? ''),
+                high: value.high === undefined ? undefined : String(value.high),
+                description: value.description === undefined ? undefined : String(value.description),
+            }));
+            const params = {
+                name,
+                description,
+                package: pkg,
+                dataType: String(properties?.dataType ?? 'CHAR'),
+                length: properties?.length ?? 0,
+                decimals: properties?.decimals,
+                outputLength: properties?.outputLength,
+                conversionExit: properties?.conversionExit ? String(properties.conversionExit) : undefined,
+                signExists: toBoolean(properties?.signExists),
+                lowercase: toBoolean(properties?.lowercase),
+                fixedValues,
+                valueTable: properties?.valueTable ? String(properties.valueTable) : undefined,
+            };
+            return buildDomainXml(params);
+        }
+        case 'DTEL': {
+            const typeKindRaw = String(properties?.typeKind ?? '');
+            const typeKind = typeKindRaw === 'domain' || typeKindRaw === 'predefinedAbapType' ? typeKindRaw : undefined;
+            const params = {
+                name,
+                description,
+                package: pkg,
+                typeKind,
+                typeName: properties?.typeName ? String(properties.typeName) : undefined,
+                domainName: properties?.domainName ? String(properties.domainName) : undefined,
+                dataType: properties?.dataType ? String(properties.dataType) : undefined,
+                length: properties?.length,
+                decimals: properties?.decimals,
+                shortLabel: properties?.shortLabel ? String(properties.shortLabel) : undefined,
+                mediumLabel: properties?.mediumLabel ? String(properties.mediumLabel) : undefined,
+                longLabel: properties?.longLabel ? String(properties.longLabel) : undefined,
+                headingLabel: properties?.headingLabel ? String(properties.headingLabel) : undefined,
+                searchHelp: properties?.searchHelp ? String(properties.searchHelp) : undefined,
+                searchHelpParameter: properties?.searchHelpParameter ? String(properties.searchHelpParameter) : undefined,
+                setGetParameter: properties?.setGetParameter ? String(properties.setGetParameter) : undefined,
+                defaultComponentName: properties?.defaultComponentName ? String(properties.defaultComponentName) : undefined,
+                changeDocument: toBoolean(properties?.changeDocument),
+            };
+            return buildDataElementXml(params);
+        }
+        case 'MSAG': {
+            const messagesRaw = Array.isArray(properties?.messages) ? properties.messages : [];
+            const messages = messagesRaw
+                .filter((m) => typeof m === 'object' && m !== null)
+                .map((m) => ({
+                number: String(m.number ?? ''),
+                shortText: String(m.shortText ?? ''),
+            }));
+            const params = {
+                name,
+                description,
+                package: pkg,
+                messages: messages.length > 0 ? messages : undefined,
+            };
+            return buildMessageClassXml(params);
+        }
         default:
             // Fallback — generic objectReferences using the correct URL for the type
             return `<?xml version="1.0" encoding="UTF-8"?>
@@ -940,6 +1374,10 @@ function objectBasePath(type) {
             return '/sap/bc/adt/ddic/domains/';
         case 'DTEL':
             return '/sap/bc/adt/ddic/dataelements/';
+        case 'MSAG':
+            return '/sap/bc/adt/messageclass/';
+        case 'DEVC':
+            return '/sap/bc/adt/packages/';
         case 'TRAN':
             return '/sap/bc/adt/vit/wb/object_type/trant/object_name/';
         default:
@@ -985,8 +1423,36 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
     }
     const objectUrl = objectUrlForType(type, name);
     const srcUrl = sourceUrlForType(type, name);
+    // Helper: enforce allowedPackages for existing objects (update/delete/edit_method).
+    // Only fetches metadata when package restrictions are configured — no extra HTTP call otherwise.
+    async function enforcePackageForExistingObject() {
+        if (client.safety.allowedPackages.length === 0)
+            return undefined;
+        const pkg = await client.resolveObjectPackage(objectUrl);
+        if (pkg)
+            checkPackage(client.safety, pkg);
+        return pkg;
+    }
     switch (action) {
         case 'update': {
+            const existingPackage = await enforcePackageForExistingObject();
+            if (isMetadataWriteType(type)) {
+                // Metadata updates are full-XML-replace — we must fetch existing metadata
+                // and merge with provided fields so omitted fields keep their current values.
+                // Without this, updating just labels would reset dataType/typeKind to defaults.
+                const metadataProps = getMetadataWriteProperties(args);
+                const mergedProps = await mergeMetadataWriteProperties(client, type, name, metadataProps);
+                const description = String(args.description ?? mergedProps._description ?? name);
+                const pkg = String(args.package ?? existingPackage ?? mergedProps._package ?? '$TMP');
+                const body = buildCreateXml(type, name, pkg, description, mergedProps);
+                await safeUpdateObject(client.http, client.safety, objectUrl, body, vendorContentTypeForType(type), transport);
+                cachingLayer?.invalidate(type, name);
+                return textResult(`Successfully updated ${type} ${name}.`);
+            }
+            // CDS pre-write validation: reject unsupported syntax early
+            const cdsGuardUpdate = guardCdsSyntax(type, source, cachedFeatures);
+            if (cdsGuardUpdate)
+                return cdsGuardUpdate;
             // Pre-write lint validation
             const lintWarnings = runPreWriteLint(source, type, name, config);
             if (lintWarnings.blocked)
@@ -1000,6 +1466,44 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
             const pkg = String(args.package ?? '$TMP');
             checkPackage(client.safety, pkg);
             const description = String(args.description ?? name);
+            // Pre-flight: check transport requirements for non-$TMP packages when no transport provided.
+            // SAP requires a transport number for objects in transportable packages.
+            // Instead of letting SAP return a cryptic error, we detect this early and return
+            // an actionable error message guiding the LLM to use SAPTransport first.
+            let effectiveTransport = transport;
+            if (!transport && pkg.toUpperCase() !== '$TMP') {
+                try {
+                    const transportInfo = await getTransportInfo(client.http, client.safety, objectUrl, pkg, 'I');
+                    if (transportInfo.lockedTransport) {
+                        // Object is already locked in a transport — use it automatically
+                        effectiveTransport = transportInfo.lockedTransport;
+                    }
+                    else if (!transportInfo.isLocal && transportInfo.recording) {
+                        // Transport IS required but none provided — return guidance
+                        const existingList = transportInfo.existingTransports.length > 0
+                            ? `\n\nExisting transports for this package:\n${transportInfo.existingTransports
+                                .slice(0, 10)
+                                .map((t) => `  - ${t.id}: ${t.description} (${t.owner})`)
+                                .join('\n')}`
+                            : '';
+                        return errorResult(`Package "${pkg}" requires a transport number for object creation, but none was provided.\n\n` +
+                            `To fix this, either:\n` +
+                            `1. Use SAPTransport(action="list") to find an existing modifiable transport\n` +
+                            `2. Use SAPTransport(action="create", description="...") to create a new one\n` +
+                            `3. Then retry SAPWrite(action="create", ..., transport="<transport_id>")` +
+                            existingList);
+                    }
+                    // isLocal=true or recording=false → no transport needed, proceed without one
+                }
+                catch {
+                    // If transportInfo check fails (older system, permissions, etc.), proceed without it.
+                    // SAP will return its own error if a transport is actually needed.
+                }
+            }
+            // CDS pre-write validation: reject unsupported syntax early
+            const cdsGuard = guardCdsSyntax(type, source, cachedFeatures);
+            if (cdsGuard)
+                return cdsGuard;
             // AFF header validation (if schema available for this type)
             const affResult = validateAffHeader(type, { description, originalLanguage: 'en' });
             if (!affResult.valid) {
@@ -1008,10 +1512,52 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
             // Build type-specific creation XML body.
             // SAP ADT requires the root element to match the object type —
             // a generic objectReferences body returns 400 "System expected the element ...".
-            const body = buildCreateXml(type, name, pkg, description);
+            const metadataProperties = getMetadataWriteProperties(args);
+            const body = buildCreateXml(type, name, pkg, description, metadataProperties);
             // Step 1: Create the object (metadata only)
             const createUrl = objectUrl.replace(/\/[^/]+$/, ''); // parent collection URL
-            const result = await createObject(client.http, client.safety, createUrl, body, 'application/xml', transport);
+            // DOMA/DTEL/BDEF require vendor-specific content types; all other types use
+            // 'application/*' — the wildcard lets the SAP server resolve the correct
+            // handler (matching how ADT Eclipse and abap-adt-api send requests).
+            const contentType = createContentTypeForType(type);
+            const result = await createObject(client.http, client.safety, createUrl, body, contentType, effectiveTransport);
+            if (isMetadataWriteType(type)) {
+                // SAP's DTEL POST ignores labels, searchHelp, etc. — they require a follow-up PUT.
+                // Use withStatefulSession directly (not safeUpdateObject) to keep the lock cycle
+                // on the main client's session, avoiding lock contention with subsequent operations.
+                if (type === 'DTEL' && dtelNeedsPostCreateUpdate(metadataProperties)) {
+                    const ct = vendorContentTypeForType(type);
+                    await client.http.withStatefulSession(async (session) => {
+                        const lock = await lockObject(session, client.safety, objectUrl);
+                        const lockTransport = effectiveTransport ?? (lock.corrNr || undefined);
+                        try {
+                            await updateObject(session, client.safety, objectUrl, body, lock.lockHandle, ct, lockTransport);
+                        }
+                        finally {
+                            await unlockObject(session, objectUrl, lock.lockHandle);
+                        }
+                    });
+                }
+                // MSAG: POST creates empty container — follow-up PUT to write messages
+                if (type === 'MSAG' && Array.isArray(metadataProperties.messages) && metadataProperties.messages.length > 0) {
+                    const ct = vendorContentTypeForType(type);
+                    await client.http.withStatefulSession(async (session) => {
+                        const lock = await lockObject(session, client.safety, objectUrl);
+                        const lockTransport = effectiveTransport ?? (lock.corrNr || undefined);
+                        try {
+                            await updateObject(session, client.safety, objectUrl, body, lock.lockHandle, ct, lockTransport);
+                        }
+                        finally {
+                            await unlockObject(session, objectUrl, lock.lockHandle);
+                        }
+                    });
+                }
+                cachingLayer?.invalidate(type, name);
+                const followUpHint = type === 'SRVB'
+                    ? `\n\nNext steps:\n1. SAPActivate(type="SRVB", name="${name}")\n2. SAPActivate(action="publish_srvb", name="${name}")`
+                    : '';
+                return textResult(`Created ${type} ${name} in package ${pkg}.\n${result}${followUpHint}`);
+            }
             // Step 2: Write source code if provided
             if (source) {
                 // Pre-write lint validation
@@ -1019,7 +1565,7 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
                 if (lintWarnings.blocked) {
                     return textResult(`Created ${type} ${name} in package ${pkg}, but source was rejected by lint:\n${lintWarnings.result.content[0].text}`);
                 }
-                await safeUpdateSource(client.http, client.safety, objectUrl, srcUrl, source, transport);
+                await safeUpdateSource(client.http, client.safety, objectUrl, srcUrl, source, effectiveTransport);
                 cachingLayer?.invalidate(type, name);
                 const msg = `Created ${type} ${name} in package ${pkg} and wrote source code.`;
                 return lintWarnings.warnings ? textResult(`${msg}\n\n${lintWarnings.warnings}`) : textResult(msg);
@@ -1034,6 +1580,7 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
                 return errorResult('"source" (new method body) is required for edit_method action.');
             if (type !== 'CLAS')
                 return errorResult('edit_method is only supported for type=CLAS.');
+            await enforcePackageForExistingObject();
             // Fetch current full source (use cache if available)
             const currentSource = cachingLayer
                 ? (await cachingLayer.getSource('CLAS', name, () => client.getClass(name))).source
@@ -1058,6 +1605,7 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
             return lintWarnings.warnings ? textResult(`${msg}\n\n${lintWarnings.warnings}`) : textResult(msg);
         }
         case 'delete': {
+            await enforcePackageForExistingObject();
             // Lock, delete, unlock pattern — auto-propagate lock corrNr if no explicit transport
             await client.http.withStatefulSession(async (session) => {
                 const lock = await lockObject(session, client.safety, objectUrl);
@@ -1085,10 +1633,41 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
             const pkg = String(args.package ?? '$TMP');
             // Check package is allowed before starting any creates
             checkPackage(client.safety, pkg);
+            // Pre-flight transport check for batch_create (same logic as single create)
+            let batchTransport = transport;
+            if (!transport && pkg.toUpperCase() !== '$TMP') {
+                try {
+                    // Use first object's URL for the transport check
+                    const firstObj = objects[0];
+                    const firstUrl = objectUrlForType(String(firstObj.type ?? ''), String(firstObj.name ?? ''));
+                    const transportInfo = await getTransportInfo(client.http, client.safety, firstUrl, pkg, 'I');
+                    if (transportInfo.lockedTransport) {
+                        batchTransport = transportInfo.lockedTransport;
+                    }
+                    else if (!transportInfo.isLocal && transportInfo.recording) {
+                        const existingList = transportInfo.existingTransports.length > 0
+                            ? `\n\nExisting transports for this package:\n${transportInfo.existingTransports
+                                .slice(0, 10)
+                                .map((t) => `  - ${t.id}: ${t.description} (${t.owner})`)
+                                .join('\n')}`
+                            : '';
+                        return errorResult(`Package "${pkg}" requires a transport number for object creation, but none was provided.\n\n` +
+                            `To fix this, either:\n` +
+                            `1. Use SAPTransport(action="list") to find an existing modifiable transport\n` +
+                            `2. Use SAPTransport(action="create", description="...") to create a new one\n` +
+                            `3. Then retry SAPWrite(action="batch_create", ..., transport="<transport_id>")` +
+                            existingList);
+                    }
+                }
+                catch {
+                    // If transportInfo check fails, proceed — SAP will return its own error if needed.
+                }
+            }
             const results = [];
             for (const obj of objects) {
                 const objType = String(obj.type ?? '');
                 const objName = String(obj.name ?? '');
+                const metadataObject = isMetadataWriteType(objType);
                 const objSource = obj.source ? String(obj.source) : undefined;
                 const objDescription = String(obj.description ?? objName);
                 // AFF header validation per object (if schema available)
@@ -1103,8 +1682,9 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
                     break;
                 }
                 try {
-                    // Pre-validate source with lint BEFORE creating the object to avoid orphaned objects
-                    if (objSource) {
+                    // Pre-validate source with lint BEFORE creating the object to avoid orphaned objects.
+                    // Metadata objects (DOMA/DTEL) are XML-only and intentionally skip source lint.
+                    if (!metadataObject && objSource) {
                         const lintWarnings = runPreWriteLint(objSource, objType, objName, config);
                         if (lintWarnings.blocked) {
                             results.push({
@@ -1119,12 +1699,27 @@ async function handleSAPWrite(client, args, config, cachingLayer) {
                     // Step 1: Create the object
                     const objUrl = objectUrlForType(objType, objName);
                     const createUrl = objUrl.replace(/\/[^/]+$/, '');
-                    const body = buildCreateXml(objType, objName, pkg, objDescription);
-                    await createObject(client.http, client.safety, createUrl, body, 'application/xml', transport);
+                    const objMetadataProps = getMetadataWriteProperties(obj);
+                    const body = buildCreateXml(objType, objName, pkg, objDescription, objMetadataProps);
+                    const contentType = createContentTypeForType(objType);
+                    await createObject(client.http, client.safety, createUrl, body, contentType, batchTransport);
+                    // Step 1b: DTEL POST ignores labels — follow up with PUT on main session
+                    if (objType === 'DTEL' && dtelNeedsPostCreateUpdate(objMetadataProps)) {
+                        await client.http.withStatefulSession(async (session) => {
+                            const lock = await lockObject(session, client.safety, objUrl);
+                            const lockTransport = batchTransport ?? (lock.corrNr || undefined);
+                            try {
+                                await updateObject(session, client.safety, objUrl, body, lock.lockHandle, contentType, lockTransport);
+                            }
+                            finally {
+                                await unlockObject(session, objUrl, lock.lockHandle);
+                            }
+                        });
+                    }
                     // Step 2: Write source if provided
-                    if (objSource) {
+                    if (!metadataObject && objSource) {
                         const srcUrl = sourceUrlForType(objType, objName);
-                        await safeUpdateSource(client.http, client.safety, objUrl, srcUrl, objSource, transport);
+                        await safeUpdateSource(client.http, client.safety, objUrl, srcUrl, objSource, batchTransport);
                     }
                     // Step 3: Activate the object
                     const activationResult = await activate(client.http, client.safety, objUrl);
@@ -1300,26 +1895,56 @@ async function handleSAPActivate(client, args) {
     }
     // Batch activation: multiple objects at once (for RAP stacks etc.)
     const type = String(args.type ?? '');
+    const preaudit = args.preaudit !== undefined ? Boolean(args.preaudit) : undefined;
+    const activateOpts = preaudit !== undefined ? { preaudit } : undefined;
     if (args.objects && Array.isArray(args.objects)) {
         const objects = args.objects.map((o) => {
             const objType = String(o.type ?? type);
             const objName = String(o.name ?? '');
             return { url: objectUrlForType(objType, objName), name: objName };
         });
-        const result = await activateBatch(client.http, client.safety, objects);
+        const result = await activateBatch(client.http, client.safety, objects, activateOpts);
         const names = objects.map((o) => o.name).join(', ');
         if (result.success) {
-            return textResult(`Successfully activated ${objects.length} objects: ${names}.${result.messages.length > 0 ? `\nMessages: ${result.messages.join('; ')}` : ''}`);
+            return textResult(`Successfully activated ${objects.length} objects: ${names}.${formatActivationMessages(result)}`);
         }
-        return errorResult(`Batch activation failed for: ${names}.\nErrors: ${result.messages.join('; ')}`);
+        return errorResult(`Batch activation failed for: ${names}.\n${formatActivationMessages(result)}`);
     }
     // Single activation (existing behavior)
     const objectUrl = objectUrlForType(type, name);
-    const result = await activate(client.http, client.safety, objectUrl);
+    const result = await activate(client.http, client.safety, objectUrl, activateOpts);
     if (result.success) {
-        return textResult(`Successfully activated ${type} ${name}.${result.messages.length > 0 ? `\nMessages: ${result.messages.join('; ')}` : ''}`);
+        return textResult(`Successfully activated ${type} ${name}.${formatActivationMessages(result)}`);
     }
-    return errorResult(`Activation failed for ${type} ${name}.\nErrors: ${result.messages.join('; ')}`);
+    return errorResult(`Activation failed for ${type} ${name}.\n${formatActivationMessages(result)}`);
+}
+/** Format activation result messages with structured detail (line numbers, URIs) when available */
+function formatActivationMessages(result) {
+    if (result.details.length === 0)
+        return '';
+    const errors = result.details.filter((d) => d.severity === 'error');
+    const warnings = result.details.filter((d) => d.severity === 'warning');
+    const parts = [];
+    if (errors.length > 0) {
+        const formatted = errors.map((e) => {
+            const prefix = e.line ? `[line ${e.line}] ` : '';
+            const suffix = e.uri ? ` (${e.uri})` : '';
+            return `- ${prefix}${e.text}${suffix}`;
+        });
+        parts.push(`Errors:\n${formatted.join('\n')}`);
+    }
+    if (warnings.length > 0) {
+        const formatted = warnings.map((w) => {
+            const prefix = w.line ? `[line ${w.line}] ` : '';
+            return `- ${prefix}${w.text}`;
+        });
+        parts.push(`Warnings:\n${formatted.join('\n')}`);
+    }
+    // Fall back to flat messages if no errors/warnings but info messages exist
+    if (parts.length === 0 && result.messages.length > 0) {
+        return `\nMessages: ${result.messages.join('; ')}`;
+    }
+    return parts.length > 0 ? `\n${parts.join('\n')}` : '';
 }
 // ─── SAPNavigate Handler ─────────────────────────────────────────────
 async function handleSAPNavigate(client, args) {
@@ -1524,8 +2149,9 @@ async function handleSAPTransport(client, args) {
     const action = String(args.action ?? '');
     switch (action) {
         case 'list': {
-            const user = args.user;
-            const transports = await listTransports(client.http, client.safety, user);
+            const user = args.user || client.username;
+            const status = args.status ?? 'D';
+            const transports = await listTransports(client.http, client.safety, user, status === '*' ? undefined : status);
             return textResult(JSON.stringify(transports, null, 2));
         }
         case 'get': {
@@ -1541,7 +2167,8 @@ async function handleSAPTransport(client, args) {
             const description = String(args.description ?? '');
             if (!description)
                 return errorResult('Description is required for "create" action.');
-            const id = await createTransport(client.http, client.safety, description);
+            const transportType = String(args.type ?? 'K');
+            const id = await createTransport(client.http, client.safety, description, undefined, transportType);
             if (!id)
                 return errorResult('Transport creation succeeded but no transport ID was returned. Check the SAP system manually.');
             return textResult(`Created transport request: ${id}`);
@@ -1553,8 +2180,61 @@ async function handleSAPTransport(client, args) {
             await releaseTransport(client.http, client.safety, id);
             return textResult(`Released transport request: ${id}`);
         }
+        case 'delete': {
+            const id = String(args.id ?? '');
+            if (!id)
+                return errorResult('Transport ID is required for "delete" action.');
+            const recursive = Boolean(args.recursive ?? false);
+            await deleteTransport(client.http, client.safety, id, recursive);
+            return textResult(`Deleted transport request: ${id}${recursive ? ' (recursive)' : ''}`);
+        }
+        case 'reassign': {
+            const id = String(args.id ?? '');
+            if (!id)
+                return errorResult('Transport ID is required for "reassign" action.');
+            const owner = String(args.owner ?? '');
+            if (!owner)
+                return errorResult('Owner is required for "reassign" action.');
+            const recursive = Boolean(args.recursive ?? false);
+            await reassignTransport(client.http, client.safety, id, owner, recursive);
+            return textResult(`Reassigned transport ${id} to ${owner}${recursive ? ' (recursive)' : ''}`);
+        }
+        case 'release_recursive': {
+            const id = String(args.id ?? '');
+            if (!id)
+                return errorResult('Transport ID is required for "release_recursive" action.');
+            const result = await releaseTransportRecursive(client.http, client.safety, id);
+            return textResult(JSON.stringify(result, null, 2));
+        }
+        case 'check': {
+            // Check transport requirements for an object/package combination.
+            // Does NOT require enableTransports — this is a read-only check.
+            const objectType = String(args.type ?? '');
+            const objectName = String(args.name ?? '');
+            const pkg = String(args.package ?? '');
+            if (!objectType || !objectName)
+                return errorResult('"type" and "name" are required for "check" action.');
+            if (!pkg)
+                return errorResult('"package" is required for "check" action.');
+            const objectUrl = objectUrlForType(objectType, objectName);
+            const info = await getTransportInfo(client.http, client.safety, objectUrl, pkg, 'I');
+            const summary = info.isLocal
+                ? `Package "${pkg}" is local — no transport required.`
+                : info.recording
+                    ? `Package "${pkg}" requires a transport for object creation.`
+                    : `Package "${pkg}" does not require transport recording.`;
+            return textResult(JSON.stringify({
+                package: pkg,
+                transportRequired: !info.isLocal && info.recording,
+                isLocal: info.isLocal,
+                deliveryUnit: info.deliveryUnit,
+                existingTransports: info.existingTransports,
+                ...(info.lockedTransport ? { lockedTransport: info.lockedTransport } : {}),
+                summary,
+            }, null, 2));
+        }
         default:
-            return errorResult(`Unknown SAPTransport action: ${action}. Supported: list, get, create, release`);
+            return errorResult(`Unknown SAPTransport action: ${action}. Supported: list, get, create, release, delete, reassign, release_recursive, check`);
     }
 }
 // ─── SAPContext Handler ───────────────────────────────────────────────
@@ -1669,6 +2349,7 @@ async function handleSAPContext(client, args, cachingLayer) {
 let cachedFeatures;
 async function handleSAPManage(client, config, args, cachingLayer, isPerUserClient) {
     const action = String(args.action ?? '');
+    const flpUnavailableMessage = 'FLP customization service (PAGE_BUILDER_CUST) is not available on this system. Check ICF service activation in SICF.';
     switch (action) {
         case 'features': {
             if (!cachedFeatures) {
@@ -1676,6 +2357,208 @@ async function handleSAPManage(client, config, args, cachingLayer, isPerUserClie
             }
             return textResult(JSON.stringify(cachedFeatures, null, 2));
         }
+        case 'create_package': {
+            const name = String(args.name ?? '').trim();
+            const description = String(args.description ?? '').trim();
+            const superPackage = String(args.superPackage ?? '').trim();
+            const softwareComponent = String(args.softwareComponent ?? '').trim();
+            const transportLayer = String(args.transportLayer ?? '').trim();
+            const transport = String(args.transport ?? '').trim();
+            if (!name)
+                return errorResult('"name" is required for create_package action.');
+            if (!description)
+                return errorResult('"description" is required for create_package action.');
+            checkOperation(client.safety, OperationType.Create, 'CreatePackage');
+            // Package allowlist is enforced on the parent package, not the new package name.
+            // This enables creating children in allowed parents like $TMP.
+            if (superPackage) {
+                checkPackage(client.safety, superPackage);
+            }
+            let effectiveTransport = transport || undefined;
+            const packageUrl = `/sap/bc/adt/packages/${encodeURIComponent(name)}`;
+            // Transport pre-flight for non-local parent packages when no transport is provided.
+            if (!effectiveTransport && superPackage && superPackage.toUpperCase() !== '$TMP') {
+                try {
+                    const transportInfo = await getTransportInfo(client.http, client.safety, packageUrl, superPackage, 'I');
+                    if (transportInfo.lockedTransport) {
+                        effectiveTransport = transportInfo.lockedTransport;
+                    }
+                    else if (!transportInfo.isLocal && transportInfo.recording) {
+                        const existingList = transportInfo.existingTransports.length > 0
+                            ? `\n\nExisting transports for this package:\n${transportInfo.existingTransports
+                                .slice(0, 10)
+                                .map((t) => `  - ${t.id}: ${t.description} (${t.owner})`)
+                                .join('\n')}`
+                            : '';
+                        return errorResult(`Package "${superPackage}" requires a transport number for package creation, but none was provided.\n\n` +
+                            `To fix this, either:\n` +
+                            `1. Use SAPTransport(action="list") to find an existing modifiable transport\n` +
+                            `2. Use SAPTransport(action="create", description="...") to create a new one\n` +
+                            `3. Then retry SAPManage(action="create_package", ..., transport="<transport_id>")` +
+                            existingList);
+                    }
+                }
+                catch {
+                    // Graceful fallback: let SAP enforce transport requirements if the pre-check fails.
+                }
+            }
+            const packageTypeRaw = String(args.packageType ?? '').trim();
+            const packageType = packageTypeRaw === 'development' || packageTypeRaw === 'structure' || packageTypeRaw === 'main'
+                ? packageTypeRaw
+                : undefined;
+            const xml = buildPackageXml({
+                name,
+                description,
+                superPackage: superPackage || undefined,
+                softwareComponent: softwareComponent || undefined,
+                transportLayer: transportLayer || undefined,
+                packageType,
+            });
+            await createObject(client.http, client.safety, '/sap/bc/adt/packages', xml, 'application/*', effectiveTransport);
+            return textResult(`Created package ${name}.`);
+        }
+        case 'delete_package': {
+            const name = String(args.name ?? '').trim();
+            const transport = String(args.transport ?? '').trim();
+            if (!name)
+                return errorResult('"name" is required for delete_package action.');
+            checkOperation(client.safety, OperationType.Delete, 'DeletePackage');
+            const packageUrl = `/sap/bc/adt/packages/${encodeURIComponent(name)}`;
+            await client.http.withStatefulSession(async (session) => {
+                const lock = await lockObject(session, client.safety, packageUrl);
+                const effectiveTransport = transport || lock.corrNr || undefined;
+                try {
+                    await deleteObject(session, client.safety, packageUrl, lock.lockHandle, effectiveTransport);
+                }
+                finally {
+                    try {
+                        await unlockObject(session, packageUrl, lock.lockHandle);
+                    }
+                    catch {
+                        // Object may already be deleted — unlock failure is expected.
+                    }
+                }
+            });
+            return textResult(`Deleted package ${name}.`);
+        }
+        case 'flp_list_catalogs': {
+            const catalogs = await listCatalogs(client.http, client.safety);
+            const customCount = catalogs.filter((c) => /^(Z|Y)/i.test(c.domainId)).length;
+            const lines = [
+                `${catalogs.length} catalogs (${customCount} custom Z/Y). Columns: domainId | title | type | scope | chips`,
+                ...catalogs.map((c) => `${c.domainId} | ${c.title || '(no title)'} | ${c.type || '-'} | ${c.scope || '-'} | ${c.chipCount}`),
+            ];
+            return textResult(lines.join('\n'));
+        }
+        case 'flp_list_groups': {
+            const groups = await listGroups(client.http, client.safety);
+            const lines = [
+                `${groups.length} groups. Columns: id | title`,
+                ...groups.map((g) => `${g.id} | ${g.title || '(no title)'}`),
+            ];
+            return textResult(lines.join('\n'));
+        }
+        case 'flp_list_tiles': {
+            const catalogId = String(args.catalogId ?? '');
+            if (!catalogId)
+                return errorResult('"catalogId" is required for flp_list_tiles action.');
+            const result = await listTiles(client.http, client.safety, catalogId);
+            if (result.backendError) {
+                return textResult(`⚠ Backend error for catalog "${catalogId}": ${result.backendError}\n\nReturned 0 tiles.`);
+            }
+            const lines = [
+                `${result.tiles.length} tiles in catalog "${catalogId}". Columns: instanceId | title | chipId | semanticObject | semanticAction`,
+                ...result.tiles.map((t) => {
+                    const so = t.configuration?.semantic_object ?? '';
+                    const sa = t.configuration?.semantic_action ?? '';
+                    return `${t.instanceId} | ${t.title || '(no title)'} | ${t.chipId} | ${so} | ${sa}`;
+                }),
+            ];
+            return textResult(lines.join('\n'));
+        }
+        case 'flp_create_catalog': {
+            if (cachedFeatures?.flp && !cachedFeatures.flp.available) {
+                return errorResult(flpUnavailableMessage);
+            }
+            const domainId = String(args.domainId ?? '');
+            const title = String(args.title ?? '');
+            if (!domainId)
+                return errorResult('"domainId" is required for flp_create_catalog action.');
+            if (!title)
+                return errorResult('"title" is required for flp_create_catalog action.');
+            const catalog = await createCatalog(client.http, client.safety, domainId, title);
+            return textResult(JSON.stringify(catalog, null, 2));
+        }
+        case 'flp_create_group': {
+            if (cachedFeatures?.flp && !cachedFeatures.flp.available) {
+                return errorResult(flpUnavailableMessage);
+            }
+            const groupId = String(args.groupId ?? '');
+            const title = String(args.title ?? '');
+            if (!groupId)
+                return errorResult('"groupId" is required for flp_create_group action.');
+            if (!title)
+                return errorResult('"title" is required for flp_create_group action.');
+            const group = await createGroup(client.http, client.safety, groupId, title);
+            return textResult(JSON.stringify(group, null, 2));
+        }
+        case 'flp_create_tile': {
+            if (cachedFeatures?.flp && !cachedFeatures.flp.available) {
+                return errorResult(flpUnavailableMessage);
+            }
+            const catalogId = String(args.catalogId ?? '');
+            if (!catalogId)
+                return errorResult('"catalogId" is required for flp_create_tile action.');
+            const rawTile = args.tile;
+            if (!rawTile || typeof rawTile !== 'object' || Array.isArray(rawTile)) {
+                return errorResult('"tile" object is required for flp_create_tile action.');
+            }
+            const tile = rawTile;
+            const id = String(tile.id ?? '');
+            const title = String(tile.title ?? '');
+            const semanticObject = String(tile.semanticObject ?? '');
+            const semanticAction = String(tile.semanticAction ?? '');
+            if (!id || !title || !semanticObject || !semanticAction) {
+                return errorResult('"tile.id", "tile.title", "tile.semanticObject", and "tile.semanticAction" are required for flp_create_tile action.');
+            }
+            const tileInstance = await createTile(client.http, client.safety, catalogId, {
+                id,
+                title,
+                semanticObject,
+                semanticAction,
+                icon: typeof tile.icon === 'string' ? tile.icon : undefined,
+                url: typeof tile.url === 'string' ? tile.url : undefined,
+                subtitle: typeof tile.subtitle === 'string' ? tile.subtitle : undefined,
+                info: typeof tile.info === 'string' ? tile.info : undefined,
+            });
+            return textResult(JSON.stringify(tileInstance, null, 2));
+        }
+        case 'flp_add_tile_to_group': {
+            if (cachedFeatures?.flp && !cachedFeatures.flp.available) {
+                return errorResult(flpUnavailableMessage);
+            }
+            const groupId = String(args.groupId ?? '');
+            const catalogId = String(args.catalogId ?? '');
+            const tileInstanceId = String(args.tileInstanceId ?? '');
+            if (!groupId)
+                return errorResult('"groupId" is required for flp_add_tile_to_group action.');
+            if (!catalogId)
+                return errorResult('"catalogId" is required for flp_add_tile_to_group action.');
+            if (!tileInstanceId)
+                return errorResult('"tileInstanceId" is required for flp_add_tile_to_group action.');
+            const result = await addTileToGroup(client.http, client.safety, groupId, catalogId, tileInstanceId);
+            return textResult(JSON.stringify(result, null, 2));
+        }
+        case 'flp_delete_catalog': {
+            if (cachedFeatures?.flp && !cachedFeatures.flp.available) {
+                return errorResult(flpUnavailableMessage);
+            }
+            const catalogId = String(args.catalogId ?? '');
+            if (!catalogId)
+                return errorResult('"catalogId" is required for flp_delete_catalog action.');
+            await deleteCatalog(client.http, client.safety, catalogId);
+            return textResult(`Deleted FLP catalog: ${catalogId}`);
+        }
         case 'cache_stats': {
             if (!cachingLayer) {
                 return textResult(JSON.stringify({ enabled: false, message: 'Object cache is disabled (ARC1_CACHE=none).' }));
@@ -1698,6 +2581,7 @@ async function handleSAPManage(client, config, args, cachingLayer, isPerUserClie
             featureConfig.ui5 = config.featureUi5;
             featureConfig.transport = config.featureTransport;
             featureConfig.ui5repo = config.featureUi5Repo;
+            featureConfig.flp = config.featureFlp;
             const probed = await probeFeatures(client.http, featureConfig, config.systemType);
             // In PP mode with a per-user client, auth-sensitive results (401/403 on any
             // feature) must not poison the global cache — another user may have different
@@ -1721,7 +2605,7 @@ async function handleSAPManage(client, config, args, cachingLayer, isPerUserClie
             return textResult(JSON.stringify(probed, null, 2));
         }
         default:
-            return errorResult(`Unknown SAPManage action: ${action}. Supported: features, probe, cache_stats`);
+            return errorResult(`Unknown SAPManage action: ${action}. Supported: features, probe, cache_stats, create_package, delete_package, flp_list_catalogs, flp_list_groups, flp_list_tiles, flp_create_catalog, flp_create_group, flp_create_tile, flp_add_tile_to_group, flp_delete_catalog`);
     }
 }
 /** Reset cached features (for testing) */